INSIGHTS, NEWS & DISCOVERIESFROM IOACTIVE RESEARCHERS

Wednesday, November 25, 2015

Lenovo released a new version
of the Lenovo System Update advisory (https://support.lenovo.com/ar/es/product_security/lsu_privilege) about
two new privilege escalation vulnerabilities I had reported to Lenovo a couple
of weeks ago (CVE-2015-8109, CVE-2015-8110). IOActive and Lenovo have issued
advisories on these issues.

Before digging into the details,
let’s go over a high-level overview of how the Lenovo System Update pops up the
GUI application with Administrator privileges.

Thursday, November 19, 2015

By Michael Allen @_Dark_Knight_Every so
often we hear stories of people losing their mobile phones, often with
sensitive photos on them. Additionally, people may lend their phones to friends
only to have those friends start going through their photos. For whatever
reason, a lot of people store risqué pictures on their devices. Why they feel
the need to do that is left for another discussion. This behavior has fueled a
desire to protect photos on mobile devices.

One popular
option are photo vault applications. These applications claim to protect your
photos, videos, etc. In general, they create albums within their application
containers and limit access with a passcode, pattern, or, in the case of newer devices,
TouchID.

I decided to
take a look at some options for the iOS platform. I did a quick Google search
for “best photo vaults iOS” and got the following results: